On Thu, 23 Dec 2010 21:12 GMT Peter Addy wrote:
>Hi,
>
>Has anyone out there had any experience with setting up a VPN between a Checkpoint NGX R65 and a Microsoft ISA Firewall?
>
>We have configured our Checkpoint as usual but with tunnel management set as per host.
>
>Strange thing is we can do the key exchange, exchange hosts, and can even see the application being tested incoming. The packets come into our firewall and are then decrypted, this then NATs correctly and so forth to the destination server, so all looks fine.
>
>I even do a tcpdump on the internal interface on our firewall and can see packets being exchanged between the translation source IP and translated destination server, however the user does not get any response back.
>
>If all looks fine and address translation is happening and we do not see any errors in our logs, then does anyone please know what might be the problem?
>
>Has anyone out there had any experience with setting up a VPN between a Checkpoint NGX R65 and a Microsoft ISA Firewall?
>
>We have configured our Checkpoint as usual but with tunnel management set as per host for this one device.
>
>The user below gets the messages in his ISA Firewall log:
>
>Log type: Firewall service
>Status: A connection was closed because no SYN / ACK response is received from the server
>
>Log type: Firewall service
>Status: A connection attempt failed because the connected party did not properly respond after a certain period of time, or established connection failed because connected host has failed to respond
>
>Is there anything I have missed? Why would the user not get a response back?
>
>Also, if we do a tcpdump on the external interface of the firewall for the host address connecting, not the VPN gateway address, would we see this, or is this within the tunnel and the only thing we should see is ISAKMP? The reason I ask is that we do see connections on the external interface on, say, port 3389; surely this is not right.
>
>Thanks